Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-21486

successful authentication does not give full privilege with 3.0 mongos and 3.2 mongod

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 3.2.0-rc2
    • Fix Version/s: 3.2.0-rc4
    • Component/s: Security, Sharding
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Steps To Reproduce:
      Hide

      run jstests/sharding/authmr.js with everything in 3.2 expect for mongos, which is in 3.0

      Show
      run jstests/sharding/authmr.js with everything in 3.2 expect for mongos, which is in 3.0
    • Sprint:
      Sharding C (11/20/15), Sharding D (12/11/15)

      Description

      It appears that even if a user authenticates successfully as an admin user, it does not have the full privilege.

      This appears be the culprit since ActionSet::parseActionSetFromStringVector breaks out immediately when it sees an unrecognized action:

      2015-11-16T15:57:49.199-0500 W ACCESS   [conn1] Could not parse privilege element in user document for admin@admin: Unrecognized action privilege string: bypassDocumentValidation
      2015-11-16T15:57:49.218-0500 I ACCESS   [conn1] Successfully authenticated as principal admin on admin
      

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: